
CISM Exam - Question 453


An information security policy was amended recently to support an organization's new information security strategy. Which of the following should be the information security manager's NEXT step?

Correct Answer: B

Once the information security policy has been amended to support a new information security strategy, the next logical step for the information security manager is to update the relevant standards and procedures. These standards and procedures provide detailed guidance on how to implement the policies day-to-day and ensure that the strategy is effectively put into practice across the organization. Without updated standards and procedures, the amended policy may not be consistently followed or effectively enforced.

Discussion

11 comments
CarlLimps Option: B
Feb 14, 2023

I like B because evaluating to the business strategy should have been done already.

aokisan Option: A
Dec 20, 2022

Need to evaluate to business strategy.

kortcl Option: B
Apr 28, 2023

I agree, the answer should be B. The business strategy alignment would've already been completed.

oluchecpoint Option: A
Sep 7, 2023

A. Evaluate the alignment with business strategy. Before making any further changes or updates, it's essential to ensure that the recently amended information security policy aligns with the organization's new information security strategy and, more importantly, with the overall business strategy. This alignment ensures that information security efforts are in sync with the organization's goals and objectives. Once alignment is confirmed, the information security manager can proceed with other tasks.

oluchecpoint
Feb 6, 2024

Changing to answer B.

wello Option: B
Jun 10, 2023

Information security strategy is already aligned to business, so no need to realign. B. Update standards and procedures

richck102 Option: B
Jun 28, 2023

B. Update standards and procedures

Goseu Option: B
Jul 14, 2023

B is the best answer.

Jess20 Option: B
Dec 1, 2023

B. Update standards and procedures. A was done already.

oluchecpoint Option: B
Feb 6, 2024

B. Update standards and procedures

yottabyte Option: C
Mar 26, 2024

Wouldn't you review the technical controls first and then amend the standards and policies based on the requirements of the technical controls? For example: if the new regulation dictates that all banks' online portal access requires a 12-digit alphanumeric password, and you are updating the standard and guidelines only to find out your control is not capable of accommodating more than 10 characters, you will do a control upgrade and then update the standard and guidelines. Is that correct?

e891cd1 Option: A
Jul 11, 2024

I would go with A. The question specifically said the strategy is NEW. If it is a new strategy, then it needs to be aligned with the business.